OT: Setting up a forwarding mail domain in DMZ without pinhole.

Tom Diehl tdiehl at rogueind.com
Sun Aug 22 14:19:52 UTC 2004


On Sun, 22 Aug 2004, Gene Delitzoy wrote:

> On Sun, 2004-08-22 at 03:58, Peter Boy wrote:
> > On Sun, 22.08.2004 at 08:26, Sanjay Arora wrote:
> > > I want the DMZ server to receive the mails from the internet, for the
> > > domains, it is set up as first MX and keep them in its queues. I want
> > > the Green server to periodically connect to the DMZ qmail server and get
> > > all mails from it...as the DMZ server cannot connect to it due to the
> > > iptables firewall.
> > 
> > The SMTP does not support your model to use your "green" server to
> > "pull" mail from the DMZ server. It is a "push" type communication
> > model.
> > 
> > So you have to use something like
> > - pop protocol to transfer the mail (e.g. fetchmail)
> > - nfs/ftp to periodically transfer the mailbox files
> > - use cron to periodically allow incoming smtp on the firewall
> >   and initiate a resend on the DMZ mailserver
> > 
> pretty easy to do this if not exactly the way you want, set up your dmz
> machine to answer for your domains(mx), then use transport maps to send
> all mail for those domains to your specified host. This is with postfix,
> postmap transport after you're finished.
> http://www.postfix.org/STANDARD_CONFIGURATION_README.html#firewall

Ummmm, the OP said he was using qmail, didn't he?

Tom
